US11818134B1ActiveUtility
Validating application programming interface (API) requests to infrastructure systems hosted in a cloud computing environment
Est. expirySep 30, 2040(~14.2 yrs left)· nominal 20-yr term from priority
H04L 63/102G06F 9/547G06F 21/54
86
PatentIndex Score
8
Cited by
31
References
20
Claims
Abstract
Techniques for performing application programming interface (API)-level validation of API requests to infrastructure resources in a cloud computing environment are provided. One technique includes receiving an API request from a user to access a cloud computing service in the cloud computing environment. A determination is made as to whether at least one action indicated in the API request is allowed to be performed, based at least in part on one or more parameters of the API request. Upon determining that the at least one action is allowed to be performed, the API request is forwarded to the cloud computing service.
Claims
exact text as granted — not AI-modifiedWhat is claimed is:
1. A computer-readable storage medium storing instructions, which, when executed on one or more computing systems, perform an operation for validating an application programming interface (API) request, the operation comprising:
obtaining, at a validation service in a cloud computing environment, an API request from a user to access a first cloud computing service in the cloud computing environment;
determining, by the validation service, at least one rule for determining whether the API request is valid, based on one or more parameters of the API request;
requesting, by the validation service, at least one second cloud computing service to determine, based on the at least one rule, a validation result indicating whether the API request is valid;
obtaining, by the validation service, an indication of the validation result from the at least one second cloud computing service;
determining, by the validation service, that the validation result indicates the API request is not valid;
determining, by the validation service, that an operating mode is a reporting mode in which the at least one rule is not being enforced; and
upon determining, by the validation service, that the validation result indicates the API request is not valid and the operating mode is a reporting mode in which the at least one rule is not being enforced:
forwarding, by the validation service, the API request to the first cloud computing service;
receiving, by the validation service, a first message in response to the API request from the first cloud computing service; and
sending, by the validation service, a second message based on the first message to the user.
2. The computer-readable storage medium of claim 1 , wherein the API request indicates at least one action for the first cloud computing service to perform to infrastructure resources in the cloud computing environment that are associated with the user.
3. The computer-readable storage medium of claim 2 , wherein determining whether the API request is valid comprises determining whether the at least one action is allowed to be performed to the infrastructure resources.
4. The computer-readable storage medium of claim 1 , wherein:
the at least one second cloud computing service comprises an event-driven computing service; and
requesting the at least one second cloud computing service to determine the validation result comprises triggering, via the event-driven computing service, execution of one or more functions associated with the at least one rule.
5. The computer-readable storage medium of claim 1 , the operation further comprising, upon determining, by the validation service, that the validation result indicates the API request is not valid and the operating mode is a reporting mode in which the at least one rule is not being enforced, providing an indication that the API request would have been denied if the at least one rule were being enforced.
6. A computer-implemented method comprising:
receiving, at a first cloud computing service in a cloud computing environment, an application programming interface (API) request from a user to access a second cloud computing service in the cloud computing environment;
determining whether at least one action indicated in the API request is allowed to be performed, based at least in part on one or more parameters of the API request, comprising:
determining, based on the one or more parameters of the API request, there is at least one validation rule associated with the API request;
upon determining there is at least one validation rule associated with the API request, (i) identifying at least one computing system designated for evaluating the API request and (ii) triggering the at least one computing system to evaluate the API request according to the validation rule; and
determining that the at least one action is not allowed to be performed;
determining that an operating mode is a reporting mode in which the at least one validation rule is not being enforced; and
upon determining that the at least one action is not allowed to be performed, and the operating mode is a reporting mode in which the at least one validation rule is not being enforced, forwarding, by the first cloud computing service, the API request to the second cloud computing service.
7. The computer-implemented method of claim 6 , further comprising:
receiving a message in response to the API request from the second cloud computing service, after forwarding the API request; and
relaying the message to the user.
8. The computer-implemented method of claim 6 , wherein:
the first cloud computing service comprises a reverse proxy; and
the API request is received at the reverse proxy via a single endpoint of the reverse proxy.
9. The computer-implemented method of claim 6 , wherein:
the at least one computing system comprises an event-driven computing service;
the at least one validation rule comprises custom configured logic for determining whether the at least one action is allowed to be performed; and
triggering the at least one computing system comprises invoking the event-driven computing service to execute the custom configured logic.
10. The computer-implemented method of claim 6 , wherein:
the first cloud computing service comprises the at least one computing system; and
the at least one validation rule comprises logic based on the one or more parameters of the API request.
11. The computer-implemented method of claim 6 , wherein:
the at least one validation rule indicates a time period for performing the at least one action; and
triggering the at least one computing system comprises querying the at least one computing system to determine whether the at least one action is allowed during the time period.
12. The computer-implemented method of claim 6 , wherein:
the at least one validation rule indicates one or more predetermined criteria; and
triggering the at least one computing system comprises querying the at least one computing system to determine whether the one or more predetermined criteria are satisfied.
13. The computer-implemented method of claim 12 , wherein the one or more predetermined criteria are based on a current state of an infrastructure resource in the cloud computing environment.
14. The computer-implemented method of claim 6 , wherein:
the at least one computing system comprises a machine learning model; and
triggering the at least one computing system comprises evaluating at least one of the validation rule, the one or more parameters of the API request, a configuration of infrastructure resources in the cloud computing environment, and user feedback with the machine learning model to determine whether the at least one action is allowed.
15. The computer-implemented method of claim 6 , further comprising upon determining that the at least one action is not allowed to be performed, sending, by the first cloud computing service, a first message to the user indicating that the API request is denied.
16. The computer-implemented method of claim 15 , further comprising sending a second message to the user indicating a reason why the API request is denied.
17. A computer-implemented method comprising:
receiving, at a first cloud computing service in a cloud computing environment, an application programming interface (API) request from a user, the API request indicating at least one action for a second cloud computing service to perform to infrastructure resources in the cloud computing environment;
determining a governance policy associated with the API request, wherein the governance policy indicates (i) at least one validation rule associated with the API request and (ii) an operating mode;
determining, based at least in part on the at least one validation rule, that the at least one action is not allowed to be performed;
determining that the operating mode is a reporting mode in which the at least one validation rule is not being enforced; and
based upon determining that (i) the at least one action is not allowed to be performed and (ii) the operating mode is a reporting mode in which the at least one validation rule is not being enforced:
forwarding, by the first cloud computing service, the API request to the second cloud computing service;
receiving, by the second cloud computing service, a first message in response to the API request from the first cloud computing service; and
sending, by the first cloud computing service, a second message based on the first message to the user.
18. The computer-implemented method of claim 17 , further comprising sending a second message with the first message indicating that the at least one action is not allowed to be performed.
19. The computer-implemented method of claim 18 , wherein determining whether the at least one action is allowed to be performed comprises:
triggering an event-driven computing service to execute the at least one validation rule associated with the API request; and
receiving an indication of whether the at least one action is allowed to be performed from the event-driven computing service.
20. The computer-implemented method of claim 19 , wherein the at least one validation rule comprises custom configured logic for determining whether the at least one action is allowed to be performed.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.